During IT Nation 2013, MSP Product Manager Dima Kumets presented this breakout session, sharing how Umbrella for MSPs can decrease costs, increase revenue, and improve customer retention.
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment
1. 1_Title (1)
UMBRELLA FOR MSPs
Enterprise Grade Malware
Protection and Containment
Dima Kumets
MSP Product Manager
Umbrella Confidential
2. Agenda
UMBRELLA FOR MSPs:
Enterprise-Grade Malware Protection
That Lowers Your Costs and Pays For Itself
Dima Kumets, MSP Product Manager
! BACKGROUND
! CHANGING THREAT LANDSCAPE
! INFORMATION TO PRESENT TO CUSTOMERS
! CLOUD SECURITY WITH OPENDNS
! UMBRELLA FOR MSPs PROGRAM
#2 #2Ÿ
18-Nov-13 Ÿ Umbrella Confidential
3. COMPANY BACKGROUND
GLOBAL SECURITY
NETWORK
208.67.220.220
! 50M+ ACTIVE USERS DAILY
! 19 DATA CENTER LOCATIONS
1_Light Title
Only
! ZERO DOWNTIME, SINCE 2006
208.67.222.222
! 50B+ REQUESTS DAILY
! 160+ COUNTRIES W/USERS
! ZERO NET NEW LATENCY
EUROPE, MIDDLE
EAST & AFRICA
AMERICAS
#3 #3Ÿ
18-Nov-13 Ÿ Umbrella Confidential
ASIA-PACIFIC
15. MALWARE HAS BECOME MORE DANGEROUS
CRYPTOLOCKER
CURRENT RANSOMWARE
#15 Ÿ
#15
18-Nov-13 Ÿ Umbrella Confidential
16. MALWARE HAS BECOME MORE DANGEROUS
CRYPTOLOCKER
CURRENT RANSOMWARE
1. 12,13,14 or 15 random characters, TLDs rotating
among .info, .com, .ru, .biz, . co.uk, .org and .net
2. Frequent requests made in very short intervals to about
1000 unique domains following the above string patterns.
3. 24 hour life span
#16 Ÿ
#16
18-Nov-13 Ÿ Umbrella Confidential
17. IP Address Changes
DNS Changes: IP Addresses per Cryptolocker Domain
1_Light Title
Only
#17 Ÿ
#17
18-Nov-13 Ÿ Umbrella Confidential
18. EXPLODING VOLUME: 75M - 450M QUERIES PER DAY
1_Light Title
Only
#18 Ÿ
#18
18-Nov-13 Ÿ Umbrella Confidential
19. BIG DATA EXAMPLE – DGA ALGORITHM
! Goal: try to tell if a domain has been machine generated
! Look at name: bigrams, trigrams, length, entropy, etc.
! Look at timing: concentrated DNS queries with short life spans (temporal progression)
! High level of activity at the time of domain generation -> fades over time
Instance 1
cso0vm2q6g86owao.thepohzi.su
5qloxxe.tohk5ja.cc
k2s0euuz.oogagh.su
Instance 2
v8ylm8e.thepohzi.su
2g24ar4vu8ay6.tohk5ja.cc
d6vh5x1cic1yyz1i.oogagh.su
Instance 3
t2250p29079m6oq8.thepohzi.su
ngb0ef99.tohk5ja.cc
nxdhetohak91794.oogagh.su
#19 Ÿ
#19
18-Nov-13 Ÿ Umbrella Confidential
20. MALWARE CAN DESTROY SMBs
KEYLOGGERS AND BACKDOORS
#20 Ÿ
#20
18-Nov-13 Ÿ Umbrella Confidential
23. ATTACKS INCREASINGLY TARGET SMBs UNDER 250 USERS
36%
18%
2011
JUNE 2012
TARGETED ATTACKS
AGAINST SMBS
83%
77%
69%
#23 Ÿ
#23
18-Nov-13 Ÿ Umbrella Confidential
SMBs NEED MANAGED
ENTERPRISE-GRADE
SECURITY
15x
HAVE NO FORMAL WRITTEN INTERNET
SECURITY POLICY FOR EMPLOYEES
THINK THEIR COMPANY IS SAFE FROM
HACKERS, VIRUSES AND MALWARE
HAVE NO INFORMAL INTERNET
SECURITY POLICY FOR EMPLOYEES
1x
ORGS WITH ORGS WITH
<11 or >100 11-100
EMPLOYEES EMPLOYEES
PROPORTION OF
BREACHES BY ORG SIZE
24. HOW DO YOU PROTECT CUSTOMERS?
ANTI-VIRUS IS JUST
A SINGLE LAYER
IN A DEFENSE IN DEPTH STRATEGY
“SIGNATURE-BASED
TOOLS (AV, FW & IPS)
ARE ONLY EFFECTIVE
AGAINST 30-50% OF
CURRENT SECURITY
THREATS”
#24 Ÿ
#24
18-Nov-13 Ÿ Umbrella Confidential
“CLOUD-BASED PROVIDERS SHOULD
HAVE BETTER REAL-TIME
TELEMETRY OF GLOBAL EVENTS AND
THE ABILITY TO RESPOND TO THESE
EVENTS RAPIDLY BY MODIFYING THE
SOLUTION.”
30. DECREASE MALWARE CLEAN UP EXPENSES
WEB
(PORTS ???)
ANY
PORT
WEB &
ANY
1_Light Title
PROTOCOL
NON-WEB
Only
WEB
ç THE INTERNET
ANY
APP
PREVENTS
MALWARE
CONTAINS
BOTNETS
BLOCKS
PHISHING ATTEMPTS &
INAPPROPRIATE USAGE
YOUR CUSTOMERSè
CLOUD SERVICE
WITH ZERO ADDED LATENCY
#30 Ÿ
#30
18-Nov-13 Ÿ Umbrella Confidential
31. SECURE EVERYWHERE
! COVERAGE FOR WORKERS ON AND OFF THE NETWORK
! COVERAGE FOR BYOD AND UNMANAGED DEVICES
#31 Ÿ
#31
18-Nov-13 Ÿ Umbrella Confidential
32. UMBRELLA BY OPENDNS
THE ONLY CLOUD-DELIVERED
AND DNS-BASED
WEB SECURITY SOLUTION
REQUESTS
1_Light Title TO ADVANCED
MALWARE, BOTNET & PHISHING
Only
80M+
100K+
#32 Ÿ
#32
18-Nov-13 Ÿ Umbrella Confidential
THREATS BLOCKED DAILY
NEW THREAT ORIGINS
DISCOVERED OR PREDICTED DAILY
34. PROFITABLE WEB FILTER
WEB FILTER AS A VALUE ADDED SERVICE
! 60 CATEGORIES
! GRANULAR WHITELIST/BLACKLIST
! CUSTOM BLOCK PAGE
FEATURES TO CHARGE A PREMIUM PRICE
! PER-COMPUTER POLICY
! BYOD AND GUEST FILTERING
! BLOCK PAGE BYPASS CODES
REPORTING AND MONITORING
! REAL-TIME ACTIVITY REPORT
! TOP DOMAINS/TOP CATEGORIES/TOP USERS
! SAVED REPORTS WITH EXPORT
#34 Ÿ
#34
18-Nov-13 Ÿ Umbrella Confidential
35. PROFITABLE WEB FILTER
FAST AND EASY TO MANAGE
! SPEND LESS TIME MANAGING FILTERING
! EASY TO USE AND UNDERSTAND
! CENTRALIZED WEB DASHBOARD
! REMOTE MANAGEMENT
! ALL IN THE BACKGROUND
! MULTI-TENANT
! MULTIPLE CUSTOMER ORGANIZATIONS
! MSP ADMINS HAVE ACCESS TO ALL CUSTOMERS
! CUSTOMERS ARE ISOLATED TO THEIR OWN
ORGANIZATION
#35 Ÿ
#35
18-Nov-13 Ÿ Umbrella Confidential
39. ENTERPRISE-CLASS MANAGEMENT WITHOUT THE ENTERPRISE COMPLEXITY
NETWORK-LEVEL LIGHTWEIGHT AGENT
PROVISIONING WITH AUTOMATION
(ALL DEVICES ON NETWORK
INCLUDING BYOD AND UNMANAGED)
POLICY TO DEPLOY
CLIENT-A:155.21.1.1/28
CLIENT-B: 214.41.3.1/32
CLIENT-C: 23.4.2.4/32
155.21.1.1/28
#39 Ÿ
#39
214.41.3.1/32
18-Nov-13 Ÿ Umbrella Confidential
23.4.2.4/32
40. EASY TO DO BUSINESS WITH
VOLUME
PRICING
MONTHLY
BILLING
BUSINESS PRACTICES
ALIGNED WITH MONTHLY
RECURRING REVENUE MODELS
MANAGE SEATS
ON-DEMAND
#40 Ÿ
#40
18-Nov-13 Ÿ Umbrella Confidential
MULTI-TENANT
DASHBOARD
42. THANK YOU! ANY QUESTIONS?...
FIND US AT
Umbrella.com/msp
FOR TECHNICAL PRODUCT
QUESTIONS, EMAIL ME
DIMA@OPENDNS.COM
OR JUST TWEET
@GETUMBRELLA
#42 Ÿ
#42
18-Nov-13 Ÿ Umbrella Confidential